LinuxQuestions.org
Old 03-17-2012, 08:38 AM   #1
parkarnoor
Member
 
Registered: Apr 2010
Posts: 54

Rep: Reputation: 1
how to allow one ip address from iptables


Hi,

I have a Linux server in the network, which has a separate VLAN.

Myself and other users in the company have another VLAN.

I can connect to the Linux server.

The company network is 172.25.10.x and the server network is 172.25.15.x.

Now I want only myself to be able to connect to the Linux server, and not all the other users.

I am trying the following command:

#iptables -I INPUT -p tcp -s 172.25.10.x/24 -i eth0 -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
(where 172.25.10.x is actually my machine's IP address)
But it is not restricting all the other users from accessing the Linux server.

How can I allow only my machine to access the Linux server?

Last edited by parkarnoor; 03-17-2012 at 08:40 AM.
 
Old 03-17-2012, 10:38 AM   #2
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Central Illinois, USA
Distribution: Debian Jessie 8.4
Posts: 5,873

Rep: Reputation: 348
Here is an example iptables config. Pay attention to the REJECT, DUMP, and DROP portions of the config.

Then read this Howto, Section 6.2.1 on configuring REJECT lists in iptables.

Hope you get it sorted out. Good luck.
 
Old 03-17-2012, 11:55 AM   #3
McPhart
LQ Newbie
 
Registered: Mar 2012
Location: The Netherlands
Distribution: Debian Sarge, Ubuntu and BackTrack
Posts: 6

Rep: Reputation: Disabled
Uncertain, but shouldn't you use /32 instead of /24?
Since it's only 1 address you want to grant access, /32 seems more plausible to me.
 
Old 03-18-2012, 03:13 AM   #4
parkarnoor
Member
 
Registered: Apr 2010
Posts: 54

Original Poster
Rep: Reputation: 1
how to allow one ip address to access linux server using ssh

Hi,

This is in reply to the previous one.

I added the following statement in iptables:

#iptables -A INPUT -p tcp -i br0 -s 172.25.10.x -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT

But this will allow my IP address to access the Linux server.

Also, all my other colleagues can also access it. Now how will I prevent other users from accessing the Linux server?

I am also working on the links given below (bigrigdriver).

Regards
 
Old 03-18-2012, 04:15 AM   #5
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 190
You need to replace the "x" in the IP with your actual IP address, for a start.
Next, that rule is only going to be of any help if you have a default policy, or a catch-all rule, to drop everything other than what matches your rules.

If you are going to include the input interface match, you need to figure out what interface you are using. In your examples, you use eth0 and br0.
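
The points raised in the replies above (a full address with /32, one known interface, and a catch-all rule after the ACCEPT), put together as an added example that is not part of the thread. The address 172.25.10.42, the interface eth0, the function names and the script file name are constructed or hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The address 172.25.10.42 and interface
# eth0 used below are constructed sample values; function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
# A placeholder such as 172.25.10.x is rejected before it reaches iptables.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allowlist ADMIN_IP IFACE: print an iptables-restore ruleset whose
# first-match order is: loopback, the one allowed host, then a catch-all
# DROP for SSH. Without that last rule the ACCEPT restricts nothing, because
# unmatched packets fall through to the default ACCEPT policy.
ssh_allowlist() {
    admin_ip=$1 iface=$2
    valid_ipv4 "$admin_ip" || { echo "invalid IPv4 address: $admin_ip" >&2; return 1; }
    [ -n "$iface" ] || { echo "interface name required" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $iface -p tcp -s $admin_ip/32 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# Print the ruleset when called with two arguments, e.g. (hypothetical file name)
#   sh ssh_allowlist.sh 172.25.10.42 eth0 | iptables-restore --test
if [ "$#" -eq 2 ]; then
    ssh_allowlist "$1" "$2"
fi
```

iptables-restore replaces the current filter table unless --noflush is given, so check the output with --test and keep console access while applying it. If the interface name is wrong, the ACCEPT never matches and only the DROP takes effect.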
 
  


All times are GMT -5.